Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230362e302f32342d3234203d3e203630343932.roa
File:                     3139332e372e3230362e302f32342d3234203d3e203630343932.roa (raw, json)
Hash identifier:          3kgHFhx3RthVERDFxT/EsGeRl8L0/YVyrMuknKzRqfA=
Subject key identifier:   89:A8:CD:C3:06:DF:F5:3E:A7:FE:7A:3A:15:79:D3:D2:01:E8:57:2C
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       3AA5DFAAEC3C27E35C675B3DC5E5799DAA42E7FE
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230362e302f32342d3234203d3e203630343932.roa
Signing time:             Fri 04 Jul 2025 12:05:02 +0000
ROA not before:           Fri 04 Jul 2025 12:00:02 +0000
ROA not after:            Fri 03 Jul 2026 12:05:02 +0000
asID:                     60492
IP address blocks:        193.7.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 14:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:a5:df:aa:ec:3c:27:e3:5c:67:5b:3d:c5:e5:79:9d:aa:42:e7:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Jul  4 12:00:02 2025 GMT
            Not After : Jul  3 12:05:02 2026 GMT
        Subject: CN=89A8CDC306DFF53EA7FE7A3A1579D3D201E8572C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:db:a1:b8:94:71:6e:e5:16:ab:56:f2:62:75:
                    b6:de:c2:1c:a2:2e:dc:27:e3:a7:f1:3f:e9:ba:03:
                    7c:2b:be:2a:31:21:82:e5:27:d0:30:de:3d:9b:0f:
                    bf:02:b6:46:e6:7c:04:49:be:bd:97:37:f1:2b:0b:
                    5e:20:d5:62:4f:4d:65:98:c8:4f:2c:ce:21:13:2e:
                    cd:4f:c3:6f:69:7e:0a:49:5a:80:02:ef:3b:ed:ef:
                    d4:df:fc:4f:05:d7:d6:68:0b:59:94:bc:65:04:ad:
                    da:ca:5e:f1:83:c4:d3:e9:8a:4b:df:ad:cd:8d:82:
                    95:1b:0b:77:07:b1:78:34:91:86:a0:ce:6e:83:5f:
                    b7:25:82:a9:56:f5:b7:53:ac:50:de:6f:4b:df:30:
                    0b:ee:fe:8e:40:da:04:fd:e4:b8:5c:c2:4f:e8:6f:
                    aa:c1:17:12:82:86:a9:f9:62:0d:88:b0:77:e5:ef:
                    80:6f:e9:38:79:fd:06:62:08:52:b7:c5:1a:ed:ac:
                    07:7f:c8:d3:54:07:fc:00:b0:a7:bc:b1:59:63:a4:
                    6f:fd:be:97:ee:f6:33:27:b1:62:da:28:e5:1b:32:
                    9d:4c:c6:d9:09:18:04:6f:eb:82:79:03:8d:9b:34:
                    1f:20:ea:40:8d:70:86:97:37:83:b8:7e:b8:e0:2a:
                    32:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A8:CD:C3:06:DF:F5:3E:A7:FE:7A:3A:15:79:D3:D2:01:E8:57:2C
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230362e302f32342d3234203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:f4:73:4f:d1:24:af:8a:62:66:c0:53:ee:15:37:19:03:2d:
         96:c8:13:2e:15:bb:ab:9d:9b:10:24:3b:52:56:0d:7b:d5:08:
         27:72:40:cc:a3:b8:c5:6b:18:31:42:3d:57:54:61:0a:a5:0c:
         c3:a4:a6:cd:8e:fc:92:60:b0:f0:de:76:15:44:a7:52:91:65:
         e7:22:d4:5e:31:95:5c:a4:f9:a2:31:4a:65:59:5e:80:07:26:
         fc:f4:62:b4:af:90:1a:f3:ca:94:c1:ee:7e:04:ad:fd:f6:f3:
         01:be:ef:8f:5c:25:1c:80:27:5a:bb:bf:99:3a:c9:14:c3:15:
         db:c1:ec:2e:55:a6:28:ac:77:26:24:52:fc:06:0f:6d:84:51:
         08:b5:de:ea:0f:ce:a7:fd:f8:66:33:ae:68:77:3f:69:1c:19:
         5b:33:e7:a1:7e:c4:de:0c:d9:f0:4e:1b:5b:1e:15:8d:af:77:
         95:4c:56:17:ed:5e:2b:71:de:b1:f5:bf:1b:fe:e0:6d:be:65:
         d3:25:d6:98:49:d7:7c:4c:6b:cd:bf:45:6e:72:84:4a:ad:7f:
         af:49:26:ee:97:1c:c8:79:02:14:da:db:e9:4e:e3:9f:89:8d:
         56:30:a8:03:55:78:de:36:d6:07:a7:bc:9f:3a:9e:3f:86:7a:
         39:cc:da:76
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUOqXfquw8J+NcZ1s9xeV5napC5/4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yNTA3MDQxMjAwMDJaFw0yNjA3MDMxMjA1MDJaMDMxMTAvBgNV
BAMTKDg5QThDREMzMDZERkY1M0VBN0ZFN0EzQTE1NzlEM0QyMDFFODU3MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr26G4lHFu5RarVvJidbbewhyi
Ltwn46fxP+m6A3wrvioxIYLlJ9Aw3j2bD78CtkbmfARJvr2XN/ErC14g1WJPTWWY
yE8sziETLs1Pw29pfgpJWoAC7zvt79Tf/E8F19ZoC1mUvGUErdrKXvGDxNPpikvf
rc2NgpUbC3cHsXg0kYagzm6DX7clgqlW9bdTrFDeb0vfMAvu/o5A2gT95Lhcwk/o
b6rBFxKChqn5Yg2IsHfl74Bv6Th5/QZiCFK3xRrtrAd/yNNUB/wAsKe8sVljpG/9
vpfu9jMnsWLaKOUbMp1MxtkJGARv64J5A42bNB8g6kCNcIaXN4O4frjgKjIfAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUiajNwwbf9T6n/no6FXnT0gHoVywwHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNjMwMzQzOTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfOMA0GCSqGSIb3DQEBCwUAA4IBAQAZ
9HNP0SSvimJmwFPuFTcZAy2WyBMuFburnZsQJDtSVg171QgnckDMo7jFaxgxQj1X
VGEKpQzDpKbNjvySYLDw3nYVRKdSkWXnItReMZVcpPmiMUplWV6AByb89GK0r5Aa
88qUwe5+BK399vMBvu+PXCUcgCdau7+ZOskUwxXbwewuVaYorHcmJFL8Bg9thFEI
td7qD86n/fhmM65odz9pHBlbM+ehfsTeDNnwThtbHhWNr3eVTFYX7V4rcd6x9b8b
/uBtvmXTJdaYSdd8TGvNv0VucoRKrX+vSSbulxzIeQIU2tvpTuOfiY1WMKgDVXje
NtYHp7yfOp4/hno5zNp2
-----END CERTIFICATE-----